802.1x Not Authenticating for Windows 7

  • Question

  • Hello,

    We have a bunch of systems that are mixed within my organization. We are testing a new 802.1x wireless authentication to get rid of the normal SSID and passphrase that is currently set up. Now we set up everything on the RADIUS (NPS) and firewall side of things.

    This is where it gets weird..

    Windows 10 systems (that we are testing for deployment) connect to our 802.1x server using EAP-TLS

    MacOS systems (running Yosemite -> El Capitan) have no problems connecting to our new SSID that is under 802.1x

    We want to use EAP-TLS for authentication using a certificate local to the computer. We are not interested in PEAP or having AD logins.

    I made sure everything on the client side of things is correct, as in WPA2-Enterprise and that it validates to the correct server.

    Windows 7 would be on 64 bit.

    When I try to trace using netsh, it comes up with a certificate authentication error, but this only happens with our Windows 7 systems. I checked all the NPS settings, but NPS doesn't show anything in the event logs of the dropped connection. When using Wireshark on a tcpdump from the firewall (Check Point), it shows the negotiation attempts, but then just drops off when it gets all the packets from the AP (Meraki). We eliminated any GPO issues by putting them all in one OU that mirrors our current policy. I made sure on the Meraki side everything looks great (as it works for our MacOS and test Windows 10 systems). The issue only resides in our Windows 7 systems, which is mostly our deployment within our company. The issue is that we don't know if it is coming from the NPS or the client itself. We believe it is something that the NPS doesn't like about Windows 7, but we can't point to it or get a good answer from researching online.

    I did see all the hotfixes for Windows 7 on 802.1x and have tried to implement all the ones that apply to our current situation; either 1) they won't install because a previous patch fixed that or 2) they did not relate to our current issue.

    Any insight on this would be very helpful, as we would love to deploy our 802.1x for our users to provide a much more secure networking space within our company (which is mostly wireless).

    If you guys need any logs from anything let me know and I will try to copy and paste what I can without giving out much of our information within our company.

    Thanks!


    Wednesday, July 6, 2016 12:45 AM

Answers